Login
Request Access

Compliance

Compliance & audit support

SeaGoat is designed for workflows where decisions need to hold up under scrutiny. This page outlines how the platform supports compliance requirements through audit trails, evidence binding, and human review gates.

We do not replace licensed professionals or make final determinations. We provide workflow infrastructure that keeps evidence linked to findings, findings linked to costs, and decisions traceable to their source.

Built for auditability

Evidence binding

Every finding in the Action Log links to source evidence (photos, documents, field notes). Cost items link to findings. Report sections cite their inputs. If evidence is modified or deleted, dependent outputs are flagged for re-review.

Review status tracking

All outputs carry review status (draft, approved, overridden). Reviewers can approve, override, or send items back for revision. Review actions are logged with timestamp and user identity.

Override rationale

When a reviewer overrides a system suggestion, they provide rationale that becomes part of the audit record. The original suggestion and the override reason are both preserved.

Audit trail

  • User actions (create, modify, approve, override, delete)
  • Timestamps for all workflow state changes; user identity and rationale for overrides
  • Evidence attachment and modification history
  • Export events with output generation metadata

Human judgment boundary

SeaGoat is a workflow support system, not a certification or approval engine.

System role

The platform analyzes evidence and proposes findings, cost estimates, and report language based on configured rules and domain logic.

Human role

Licensed professionals (engineers, inspectors, consultants) review proposals, validate against field conditions, and approve or override as needed. Final determinations remain with qualified reviewers.

Not a substitute

SeaGoat does not replace:

  • Professional engineering judgment
  • Licensed inspector certification
  • Third-party verification requirements
  • Final cost approval authority
  • Regulatory compliance sign-off

The system accelerates workflow and maintains evidence chains—it does not make final decisions on asset condition, liability, or compliance status.

Data integrity & traceability

Versioning

Evidence, findings, and outputs maintain version history. Prior states can be reviewed to understand how conclusions evolved through the workflow.

Reproducible exports

Reports and cost schedules can be regenerated from saved workflow state. The system preserves the data snapshot used to generate each export, so outputs can be reproduced and verified.

Evidence immutability

Once evidence is attached to a finalized finding, modifications to that evidence trigger re-review requirements. This prevents silent changes to the evidentiary basis of approved work.

Traceability

Every output element traces back to:

  • Source evidence (photo/document ID, upload timestamp, user)
  • Generating workflow step (Action Log entry, cost item, report section)
  • Review action (approver identity, approval timestamp, override rationale if applicable)

Client configuration isolation

Logical separation

Client-specific configurations (templates, cost libraries, validation rules, custom language) are isolated per engagement. Configuration changes in one client environment do not affect other deployments.

No cross-client data exposure

Evidence, findings, and workflow data are scoped to the engagement. The system architecture prevents one client from accessing another client's data or configurations.

Custom rule sets

Clients can configure:

  • Custom cost item libraries
  • Client-specific report templates and language
  • Validation rule thresholds (e.g., evidence requirements, cost logic gates)
  • Review workflow assignments

Changes to these configurations apply only to the client's environment and do not propagate across deployments.

Records & retention

What is retained

  • Evidence files (photos, documents, field notes)
  • Action Log entries with approval status and review history
  • Cost tables and reserve schedules
  • Generated reports with metadata (generation timestamp, approver, source data snapshot)
  • Audit logs (user actions, timestamps, override rationale)

Retention duration

Retention policies are defined by organization agreement and operational requirements. Standard retention supports multi-year asset tracking and regulatory compliance timelines.

Deletion & archival

Organizations can request data deletion or archival according to their retention policies and compliance requirements. Deletion requests are processed with audit logging to maintain record of the action.

Export & backup

Organizations can export workflow data and reports for external archival systems. Exports include evidence, findings, cost data, and audit trails in structured formats for long-term storage.

Security & compliance alignment

Organization requirements

SeaGoat aligns to organization security and compliance requirements through pilot scoping, technical reviews, and deployment planning. We work with security teams to address specific control requirements.

Vendor review support

We support vendor security review processes including:

  • Security questionnaire responses
  • Technical architecture documentation
  • Control evidence and policy documentation
  • Coordination for penetration testing or security assessments (when required)

Compliance framework alignment

While SeaGoat does not currently hold formal certifications (SOC 2, ISO 27001), the platform is designed with control principles aligned to these frameworks:

  • Access control and least-privilege principles
  • Audit logging and traceability
  • Data encryption in transit and at rest
  • Secure credential management
  • Environment separation (staging vs. production)

Roadmap

SOC 2 Type II certification is currently in preparation. Target completion is tied to pilot feedback and enterprise deployment commitments.

We prioritize compliance work based on organization requirements—not arbitrary timelines. If your deployment requires SOC 2 before rollout, we accelerate accordingly.

Limitations & disclaimers

Professional services

SeaGoat does not provide engineering services, professional certifications, or final compliance determinations. The platform supports licensed professionals in their workflow—it does not replace their judgment or responsibility.

Valuation & cost estimation

Cost estimates generated by the platform are research and workflow support. They are not appraisals, final bids, or guaranteed costs. Final cost approval remains with the organization's authorized personnel.

Regulatory compliance

SeaGoat does not certify compliance with building codes, safety regulations, or industry standards. Compliance determinations remain the responsibility of licensed professionals and regulatory authorities.

Decision authority

The platform proposes findings and cost items based on evidence and configured rules. Final decisions on asset condition, required actions, and budget allocation remain with the organization's qualified reviewers and stakeholders.

Use case scope

SeaGoat is designed for inspection and due diligence workflows in commercial real estate and industrial operations. Use outside these domains should be evaluated for applicability and risk.

Industry support & third-party services

Supported workflows

SeaGoat currently supports:

  • Property Condition Assessments (PCA) for commercial real estate
  • Industrial asset inspection and integrity management workflows

Third-party services

SeaGoat uses third-party services for AI model inference, infrastructure, and data storage. For detailed information on subprocessor data handling and compliance, see our Security page or contact us directly.

Questions about compliance?

For specific compliance requirements, vendor questionnaires, or technical reviews, contact us directly. We work with security and compliance teams to address organizational requirements and support diligence processes.

Get in touch